Changing headers that IIS/ASP.NET sends. Side-effects?
IIS / ASP.NET sends HTTP headers to identify itself by default.
Server Microsoft-IIS/7.5
X-AspNetMvc-Version 2.0
X-AspNet-Version 4.0.30319
X-Powered-By ASP.NET
Is there any reason not to remove these? Considering the ASP.NET vulnerabilities recently discovered, some people recommend changing the Server header to that of another server, such as Apache, to throw off scanners looking for affected websites. This seems like a good idea. Are there any unwanted side effects that I'm not thinking of?
I agree with Andrew, but for practical purposes yes this is possible (see here) and I am not aware of any negative side-effects - I believe these exist purely for stat-gathering and "advertising" purposes and the ubiquitous "reserved for future use".
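For the removal this answer says is possible, here is an added web.config example (not from the original posts) that covers the four headers listed in the question. It assumes an IIS 7.x integrated-pipeline site, and the outbound rule assumes the separately installed URL Rewrite module; the rule name is made up for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Stops ASP.NET from emitting X-AspNet-Version. -->
    <httpRuntime enableVersionHeader="false" />
  </system.web>

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- X-Powered-By is an inherited IIS custom header; remove it for this site. -->
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>

    <!-- Assumption: the URL Rewrite module is installed. Without it this
         section is not recognised and the site fails to load its config.
         The rule blanks the Server header value on every response; the
         header name itself may still be sent with an empty value. -->
    <rewrite>
      <outboundRules>
        <rule name="BlankServerHeader"> <!-- hypothetical rule name -->
          <match serverVariable="RESPONSE_Server" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>

  <!-- X-AspNetMvc-Version has no config switch. It is turned off in code,
       in Application_Start of Global.asax:
         MvcHandler.DisableMvcResponseHeader = true;  -->
</configuration>
```

After deploying, request a page and inspect the response headers to confirm which of the four are still present, including on error responses that IIS generates before the request reaches ASP.NET.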
In my experience, such tricks are not useful in the least. Spend your time making sure the server is actually secure, rather than wasting time on hacks of essentially no benefit whatsoever. There are plenty of other more reliable ways to know what operating system and web service a server is running.